provider-server: send info of kernelMountOptions for cephfs to client

add kernel mount option ms_mode=secure to cephfs storageclass data when encryption in transit is enabled Signed-off-by: Rohan Gupta <[email protected]>
red-hat-storage · Jul 22, 2024 · f46aaba · f46aaba
1 parent 110d1d0
commit f46aaba
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/services/provider/server/server.go b/services/provider/server/server.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/blang/semver/v4"
 	quotav1 "github.com/openshift/api/quota/v1"
+	ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	"github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	controllers "github.com/red-hat-storage/ocs-operator/v4/controllers/storageconsumer"
@@ -55,8 +56,9 @@ const (
 )
 
 const (
-	monConfigMap = "rook-ceph-mon-endpoints"
-	monSecret    = "rook-ceph-mon"
+	monConfigMap          = "rook-ceph-mon-endpoints"
+	monSecret             = "rook-ceph-mon"
+	kernelMountOptionsKey = "kernelmountoptions"
 )
 
 type OCSProviderServer struct {
@@ -687,6 +689,12 @@ func (s *OCSProviderServer) GetStorageClaimConfig(ctx context.Context, req *pb.S
 				"csi.storage.k8s.io/controller-expand-secret-name": provisionerSecretName,
 			}
 
+			storageCluster, err := s.getStorageCluster(ctx)
+			if err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to get storage cluster %v", err)
+			}
+			cephfsStorageClassData[kernelMountOptionsKey] = util.GetCephFSKernelMountOptions(storageCluster)
+
 			extR = append(extR,
 				&pb.ExternalResource{
 					Name: "cephfs",
@@ -769,3 +777,18 @@ func (s *OCSProviderServer) getOCSSubscriptionChannel(ctx context.Context) (stri
 	}
 	return subscription.Spec.Channel, nil
 }
+
+func (s *OCSProviderServer) getStorageCluster(ctx context.Context) (*ocsv1.StorageCluster, error) {
+
+	clusters, err := util.GetClusters(ctx, s.client)
+	if err != nil {
+		return &ocsv1.StorageCluster{}, fmt.Errorf("failed to get clusters: %v", err)
+	}
+
+	storageClusters := clusters.GetStorageClustersInNamespace(s.namespace)
+	if len(storageClusters) == 0 {
+		return &ocsv1.StorageCluster{}, fmt.Errorf("no storage clusters found in namespace %s", s.namespace)
+	}
+
+	return &storageClusters[0], nil
+}
diff --git a/services/provider/server/server_test.go b/services/provider/server/server_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	quotav1 "github.com/openshift/api/quota/v1"
+	ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	controllers "github.com/red-hat-storage/ocs-operator/v4/controllers/storageconsumer"
 	pb "github.com/red-hat-storage/ocs-operator/v4/services/provider/pb"
@@ -757,6 +758,13 @@ func TestOCSProviderServerGetStorageClaimConfig(t *testing.T) {
 				Phase: ocsv1alpha1.StorageRequestFailed,
 			},
 		}
+		storageClusterResourceName = "mock-storage-cluster"
+		storageClustersResource    = &ocsv1.StorageCluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      storageClusterResourceName,
+				Namespace: serverNamespace,
+			},
+		}
 	)
 
 	ctx := context.TODO()
@@ -767,6 +775,7 @@ func TestOCSProviderServerGetStorageClaimConfig(t *testing.T) {
 		claimResourceInitializing,
 		claimResourceCreating,
 		claimResourceFailed,
+		storageClustersResource,
 	}
 
 	// Create a fake client to mock API calls.